cybersourcedaily.com

Cyber news for everyone

Slopsquatting: The Cybersecurity Threat That Could Catch You Off Guard!

April 18, 2025 by jhale

BleepingComputer reports on a new attack called “Slopsquatting.” This is a supply chain attack similar to typosquatting, in which hackers purchase domains that look similar to legitimate ones.

LLMs sometimes generate nonsense, which we call hallucinations or slop; that is the “slop” part of the name. The “squatting” part comes from typosquatting, a phishing attack that targets human finger dexterity failures.

When unsuspecting users make a common typo when entering a domain, they are directed to the hacker’s phishing website. Similarly, a chatbot such as ChatGPT might recommend installing packages that don’t exist from public repositories. If the LLM directs the user to install a package that doesn’t exist from npm, a hacker might upload a malicious package by that hallucinated name and wait for the LLM to recommend it to the victim.

A hacker might register a domain that looks “close enough” to a popular one.


Here is an example of ChatGPT recommending me an RSS reader.

An example of some slop that could be squatted. viennarss dot net is the wrong domain name.


There is a real RSS reader by that name, but its website is www.vienna-rss.com, and it appears to be a legit one with a long history and an active GitHub project. If a bad actor wanted to execute a slopsquatting attack, they could set up a phishing site pretending to be the Vienna RSS reader. An unsuspecting user might then install a compromised version of that software.

Now that’s bad news!

What is vibe coding?

Vibe coding, a new programming workflow, involves human programmers collaborating with LLMs to write most of a software project’s code. Humans prioritize requirements, testing, and feedback to the LLM, leading to an efficient coding process.

Vibe coders might be most susceptible to this attack since they rely heavily on LLM-generated output in their workflow. However, anyone should be vigilant whenever an LLM recommends installing software or visiting a website.
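One way to apply that vigilance to npm packages, as an added example that is not from the original post or the article it summarizes: vet each LLM-suggested name against registry metadata before installing. The `time.created` and `versions` fields follow the public npm registry package document; the thresholds, package names and fixture data are constructed assumptions.

```javascript
// Added example. Packument fields (time.created, versions) follow the public
// npm registry document; thresholds and all sample data are constructed.
const MIN_AGE_DAYS = 90; // assumed policy: younger packages need human review
const MIN_VERSIONS = 3;  // assumed policy: a very short release history needs review

// Classify one suggested name. packument === null means the registry returned 404.
function assess(name, packument, now) {
  if (packument === null) {
    // The hallucinated case: the name is free, so anyone could register it later.
    return { name, verdict: "block", reason: "not in registry" };
  }
  const ageDays = Math.floor((now - new Date(packument.time.created)) / 86400000);
  const versions = Object.keys(packument.versions || {}).length;
  if (ageDays < MIN_AGE_DAYS) {
    // A name that appeared only recently may have been registered to match LLM output.
    return { name, verdict: "review", reason: `created ${ageDays} days ago` };
  }
  if (versions < MIN_VERSIONS) {
    return { name, verdict: "review", reason: `only ${versions} published version(s)` };
  }
  return { name, verdict: "allow", reason: `${ageDays} days old, ${versions} versions` };
}

// Vet every name an assistant suggested. `lookup` maps a name to its packument or
// null, so the same logic runs against a fixture (below) or a live registry client.
function vetSuggestions(names, lookup, now = new Date()) {
  return names.map((n) => n.trim()).map((n) => assess(n, lookup(n), now));
}

// Constructed fixture standing in for registry responses; package names are made up.
const SAMPLE_REGISTRY = new Map([
  ["acme-feed-parser", { time: { created: "2019-03-02T10:00:00Z" },
    versions: { "1.0.0": {}, "1.1.0": {}, "2.0.0": {}, "2.0.1": {} } }],
  ["acme-rss-quickfetch", { time: { created: "2025-04-10T08:30:00Z" },
    versions: { "0.0.1": {} } }],
]);
const sampleLookup = (name) => SAMPLE_REGISTRY.get(name) ?? null;

const SAMPLE_NOW = new Date("2025-04-18T00:00:00Z"); // fixed so the output is stable
const report = vetSuggestions(
  ["acme-feed-parser", "acme-rss-quickfetch", "acme-rss-autoreader"],
  sampleLookup, SAMPLE_NOW);
for (const r of report) console.log(`${r.verdict.padEnd(6)} ${r.name}: ${r.reason}`);
```

A "block" result means the name is unclaimed today, so pinning it in a manifest would hand control to whoever registers it first.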

The article also notes that there are no known instances of active exploitation, but it will likely be one to watch. As always, please be sure to exercise caution when interacting with AI-generated content.

Filed Under: News Tagged With: ai, llm, slopsquatting, supply chain

Copyright © 2025 · Cyber Source Daily